Google patches Chrome security holes, adds PDF viewer in sandbox

Summary: Google has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.

The Chrome 8.0.552.215 update also includes a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google's Jason Kersey.

Five of the 14 security flaws carry a "high-risk" rating.

Details on the security vulnerabilities:

  • [17655] Possible pop-up blocker bypass. Low Risk.
  • [55745] Cross-origin video theft with canvas. Discovered and reported by Microsoft Vulnerability Research (MSVR). Medium Risk.
  • [56237] Browser crash with HTML5 databases. Low Risk.
  • [58319] Prevent excessive file dialogs, possibly leading to browser crash. Low Risk.
  • [59554] Use-after-free vulnerability in history handling. High Risk.
  • [Linux / Mac] [59817] Make sure the “dangerous file types” list is up to date with the Windows platforms. Medium Risk.
  • [61701] Browser crash with HTTP proxy authentication. Low Risk.
  • [61653] Out-of-bounds read regression in WebM video support. Medium Risk.
  • [62127] Crash due to bad indexing with malformed video. High Risk.
  • [62168] Possible browser memory corruption via malicious privileged extension. Medium Risk.
  • [62401] Use-after-free vulnerability with SVG animations. High Risk.
  • [63051] Use-after-free vulnerability in mouse dragging event handling. High Risk.
  • [63444] Double-free vulnerability in XPath handling. High Risk.

As part of its ongoing bug-bounty program, Google shelled out $4,000 to purchase vulnerability data from the security research community.

Talkback

18 comments
  • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

    Looks good. Lemme go upgrade...
    statuskwo5
    • I thought chrome auto-updated itself?

      @statuskwo5
      otaddy
      • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

        @otaddy

        Heh, yeah it does. I just clicked on the "About Chrome..." menu item and there was a label at the bottom notifying me it was installing updates.
        mibjr
      • But what if you never click About Chrome?

        @otaddy

        Do the updates still install? I never get notification of new updates.
        otaddy
      • I was under the impression it auto-updated

        regardless of whether people clicked the "about chrome". Check the process manager, and there should be a "chrome updater" in the process list. This is the one that does it, I believe.
        Michael Alan Goff
      • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

        @otaddy Not in Ubuntu it doesn't. I have it set to update automatically with Update Manager, but I have it set to 2 weeks. In other words I had to update it manually.
        statuskwo5
      • Well, yeah, it wouldn't update automatically with Ubuntu

        At least they put it in with the Update Manager, though. That sort of thing in Windows would make the auto-update a lot less useful.
        Michael Alan Goff
  • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

    They do their best to stop other people's malware, but nothing to protect you from the Google spynet. Chrome is for suckers.
    jorjitop
    • *yawn*

      Got any other tired Google insults?
      Michael Alan Goff
      • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

        @goff256

        He probably works on the MS Bing team. Nvm him.

        -M
        betelgeuse68
      • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

        @goff256
        I think he's got a point.

        You can care or not care. That's up to you. But Chrome *is* essentially spyware.
        x I'm tc
      • Except that he doesn't have a point

        Take any email service, search engine, and likely some OS and you'll realize that they do the same thing. If Google were alone, he'd have a point.
        Michael Alan Goff
  • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

    I am so far very happily using Chrome along with Firefox and having a good time. But then I am an old technocrat, and see no reason to think that Google and Chrome and all the other Google tools are not going to replace Microsoft and IE and Windows in a few short years. Having been a Mac user as well, and UNIX and many other OSs all along, I will be glad to be free of Windows and all of its anchors and new OS releases every 1-2 years. Enough is enough. Windows is the one for suckers, and Google makes the most sense for the future. Wake up to it or play catch up to it later on.
    sacbrat54
    • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

      @sacbrat54 : Hmmm. You dislike Windows [for among other reasons] because of "new OS releases every 1-2 years". Huh? You got the wrong OS. Windows gets a new version every 3 years. Linux is every year [or less]. Macs? You are paying to go from 10.5 to 10.6 to 10.7 every 2 years [or less]. So much for calling yourself "an old technocrat" or just biased against Microsoft?
      Gis Bun
    • Release Schedules

      Linux- Mostly twice a year.
      Apple- Once every 18 months or so
      Windows- 3 years

      Dunno about Unix.

      Google? I like the concept, I really do, but I get the feeling Chrome OS will be perpetual beta.
      Michael Alan Goff
  • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

    Jeez. 14 security updates for a browser. No wonder why it was listed as the second worst browser by vulnerabilities [so far this year]. And no. IE wasn't #1.

    Adding PDF support will probably increase the number of vulnerabilities. Why would they include a PDF viewer anyways [even in a sandbox]? Now you'll have one PDF viewer outside of the browser and one inside? What a waste.
    Gis Bun
  • RE: Google patches Chrome security holes, adds PDF viewer in sandbox

    The update appears to have broken the GWT developer plugin. Kind of ironic that I have to use FF or IE to develop with GWT now. :-0
    MrRobIvan
  • use Chrome PDF; use Sumatra for other browsers

    This seems a very good solution.

    Sumatra PDF 1.2 just released has very nice rendering compared to others. Not quite as clear on laptop as Adobe, but it is entirely readable and usable as you can see high-end font variations correctly even at tiny sizes. Layout looks to match.

    Open source, lightweight, fast, and very much improved with 1.2 - kudos to the Sumatra team. It politely has a menu item to open the PDF in Adobe when you want that.

    I've been working this way for a while, and like the solution.
    Narr vi